About wireless roaming for enterprise

This article is intended for system administrators for a school, business, or other organization.

This information applies to the following devices, running iOS 8 or later:

iPhone 5s and later

iPad Pro and later

iPad Air and later

iPad mini 2 and later

iPad (5th generation or later)

iPod touch (6th generation)

Trigger threshold

This is the minimum signal level a client needs to maintain a connection.

iOS clients monitor and maintain the Basic Service Set Identifier (BSSID)’s connection until the Received Signal Strength Indicator (RSSI) exceeds -70 dBm. Then, iOS scans for roam candidate BSSIDs for the new Extended Service Set Identifier (ESSID).

Keep this in mind when you design wireless cells and calculate their signal overlap. For example, you might design 5GHz cells that have a -67 dBm overlap. In this case, the iOS client keeps its connection to the BSSID longer than you expect. This is because iOS uses -70 dBm as the trigger. If the BSSID's RSSI is greater than -65 dBm, the iOS client prefers a 5GHz network.

Be sure to use the target device to measure cell overlap. Antennas on a notebook computer are much larger and more powerful than antennas on a smartphone or tablet. So if you use a notebook to measure overlap, iOS devices will have different cell boundaries than you expect.

Roam scan

This is when stations check for access points (APs) that support the current ESSID. The stations check all available channels in either the 2.4GHz band or the 5GHz band.

The roam scan runs more quickly if you turn on 802.11k on your control plane. This helps because iOS uses the first six entries in the neighbor report and reviews them to prioritize its scans. If you don’t turn on 802.11k, iOS has to scan more methodically. This can add several seconds to the discovery process.

For example, a user who is on a call might walk to the other side of the building. When the device crosses the -70 dBm threshold, it scans for roam targets. If it uses the neighbor report that 802.11k provides, it finds APs that support the current ESSID on three channels. It immediately scans those channels, finds that the AP on a channel has the appropriate signal strength, and roams. If you don’t turn on 802.11k, the client has to scan every channel on each band to find a roam target. This can add several seconds to the process.

Roam candidate selection criteria

This information can help you design a wireless network that supports real-time services, like voice and video.

iOS 8 and later, select target BSSIDs based on:

Whether the client transmits or receives a series of 802.11 data packets

The difference in signal strength against the current BSSID’s RSSI

When the client sends or receives data, it picks target BSSIDs whose RSSI is eight dB or greater than the current BSSID’s RSSI. When the client doesn't send or receive data, use a 12 dB differential.

For example, the RSSI of the current connection might drop to -75 dBm during a Voice over WLAN (VoWLAN) call. When this happens, iOS 8 and later search for BSSIDs that have an RSSI of at least -67 dBm.

If the call ends and the client stops sending or receiving data, iOS 8 and later search for BSSIDs that have an RSSI of at least -63 dBm. Note that 802.11 Management Frames and Control Frames don't count as data.

Roam performance

This is the amount of time that a client needs to authenticate to a new BSSID. To authenticate, the client has to find a valid roam candidate, then complete the roam process quickly. Otherwise, the user experiences an interruption in service.

Roaming is where the client authenticates against the new BSSID and deauthenticates from the current BSSID. The amount of time that this takes depends on the security and authentication method that you use.

If you use 802.1X-based authentication, the client must complete the EAP key exchange before it deauthenticates from the BSSID. This can take several seconds, depending on the environment’s authentication infrastructure. When this happens, the user experiences an interruption of service.

If you use 802.11r-based authentication, the client can preauthenticate against potential access points. This reduces the authentication time to milliseconds, and the user is unlikely to experience an interruption of service.

The Wi-Fi scanner in AirPort Utility

Apple’s AirPort Utility includes a Wi-Fi scanner that logs the client’s view of the network. Administrators can use it to validate the client’s view of the network at a specific location.

For accurate results, use the Wi-Fi scanner on a dedicated device that’s the same model as the iOS client.

On your iOS device, go to Settings > AirPort Utility to turn on the Wi-Fi scanner.

Next, open Airport Utility and tap Wi-Fi Scan.

By default, Wi-Fi Scanner runs continuously. Use the slider to set a scan duration of up to 60 seconds.

To start the scan, tap Scan. AirPort Utility lists all the SSIDs that it finds. This includes hidden networks, which appear as "Network name unavailable."

The AirPort Utility scans all available bands at four-second intervals. Enterprise networks that have multiple access points are grouped by BSSID. The scanner shows information about:

SSID

BSSID

Last RSSI

Channel

Last Time Found

To view a trace log of the scan results for an SSID and BSSID, tap the SSID:

The trace log shows the date and time of the scan, along with the channel and RSSI.

After the scan completes, you can share the results. Just tap the share icon (), then choose one of these options:

AirDrop

Message

Mail

Copy

AirPort Utility sends the results as a comma-separated list:

SSID, BSS, RSSI, Channel, time

"ACES", "18:64:72:D3:E9:40", "-57", "11", "12:02:03 PM"

"Cuba", "F8:1E:DF:F9:56:BC", "-53", "149", "12:02:03 PM"

"ACES", "18:64:72:D3:E9:50", "-63", "149", "12:02:03 PM"

"Cuba", "F8:1E:DF:F9:56:BB", "-69", "11", "12:02:03 PM"

"ACES", "18:64:72:D3:E9:40", "-67", "11", "12:02:07 PM"

The first line is a column header that shows the SSID, BSS, RSSI, Channel, and date fields. To analyze or chart the results, import the list into a spreadsheet or other tool.